Bugtraq mailing list archives

Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host

From: Rich Pieri <ratinox () mit edu>
Date: Thu, 27 Aug 2015 11:03:34 -0400

On 8/26/15 8:09 PM, vozzie () gmail com wrote:

Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't
accept the admission because it's not a remote vulnerability.
Surprisingly Microsoft didn't accept the vulnerability because "UAC
isn't considered a security boundary".


UAC is not a security boundary. It's purpose is to annoy users in order
to force vendors to fix their bad code:

http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users/

-- 
Rich Pieri <ratinox () mit edu>
MIT Laboratory for Nuclear Science

Current thread:

UAC Bypass Vulnerability on "Windows 7" in Windows Script Host vozzie (Aug 27)
- Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host Rich Pieri (Aug 27)
- <Possible follow-ups>
- Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host kev . r (Aug 31)